<?php
class RbacCommand extends CConsoleCommand
{
   
    private $_authManager;
    public function getHelp()
    {
        return <<<EOD
USAGE
  rbac
DESCRIPTION
  This command generates an initial RBAC authorization hierarchy.
EOD;
    }
    /**
     * Execute the action.
     * @param array command line parameters specific for this command
     */
    public function run($args)
    {
		//ensure that an authManager is defined as this is mandatory for creating an auth heirarchy
		if(($this->_authManager=Yii::app()->authManager)===null)
		{
			echo "Error: an authorization manager, named 'authManager' must be configured to use this command.\n";
		    echo "If you already added 'authManager' component in application configuration,\n";
		    echo "please quit and re-enter the yiic shell.\n";
		    return;
		}  
		
		//provide the oportunity for the use to abort the request
		echo "This command will create three roles: Admin, Manager, and Onsite, Helpdesk and the following premissions:\n";
		echo "Would you like to continue? [Yes|No] ";
       
		//check the input from the user and continue if they indicated yes to the above question
		if(!strncasecmp(trim(fgets(STDIN)),'y',1)) 
		{
			$bizRule='return Yii::app()->user->id==$params["user_id"];';
			// clear all roles of system
			$this->_authManager->clearAll();
			// create operations for jobs
			$this->_authManager->createOperation("createJob","create a new job");
			$this->_authManager->createOperation("readJob","read job's information",$bizRule);
			$this->_authManager->createOperation("updateJob","update job's information",$bizRule);
			$this->_authManager->createOperation("deleteJob","remove a job",$bizRule);
			// create operations for users
			$this->_authManager->createOperation("createUser","create a new user");
			$this->_authManager->createOperation("readUser","read user profile information");
			$this->_authManager->createOperation("updateUser","update a users information");
			$this->_authManager->createOperation("deleteUser","remove a user from a project");
			// create operations for job groups
			$this->_authManager->createOperation("createJobGroup","create a new job group");
			$this->_authManager->createOperation("readJobGroup","read group's information");
			$this->_authManager->createOperation("updateJobGroup","update group's information");
			$this->_authManager->createOperation("deleteJobGroup","remove a group");
			// create operations for buying equipments
			$this->_authManager->createOperation("createBuyingEquipment","create a record of buying equipments");
			$this->_authManager->createOperation("readBuyingEquipment","read a record of buying equipments",$bizRule);
			$this->_authManager->createOperation("updateBuyingEquipment","update information of buying equipments",$bizRule);
			$this->_authManager->createOperation("deleteBuyingEquipment","remove a record of buying equipments",$bizRule);
			// create operations for receiving & assigning
			$this->_authManager->createOperation("createReceivingAssigning","create a record of receiving assigning");
			$this->_authManager->createOperation("readReceivingAssigning","read a record of receiving assigning",$bizRule);
			$this->_authManager->createOperation("updateReceivingAssigning","update information of receiving assigning",$bizRule);
			$this->_authManager->createOperation("deleteReceivingAssigning","remove a record of receiving assigning",$bizRule);
    		 // create operations for warranty fixing
			$this->_authManager->createOperation("createWarrantyFixing","create a record of warranty fixing");
			$this->_authManager->createOperation("readWarrantyFixing","read a record of warranty fixing",$bizRule);
			$this->_authManager->createOperation("updateWarrantyFixing","update information of warranty fixing",$bizRule);
			$this->_authManager->createOperation("deleteWarrantyFixing","remove a record of warranty fixing",$bizRule);
     
			//create the helpdesk role
			$role=$this->_authManager->createRole("clerk","Helpdesker-Onsiter");
			$role->addChild("createJob");
			$role->addChild("readJob");
			$role->addChild("updateJob");
			$role->addChild("deleteJob");

			

			//create the manager role
			$role=$this->_authManager->createRole("manager","Manager");  
			$role->addChild("createUser");
			$role->addChild("readUser");
			$role->addChild("deleteUser");
			$role->addChild("createJobGroup");
			$role->addChild("updateJobGroup");
			$role->addChild("readJobGroup");
			$role->addChild("deleteJobGroup"); 
			$role->addChild("createBuyingEquipment");
			$role->addChild("updateBuyingEquipment");
			$role->addChild("readBuyingEquipment");
			$role->addChild("deleteBuyingEquipment");   
			$role->addChild("createReceivingAssigning");
			$role->addChild("updateReceivingAssigning");
			$role->addChild("readReceivingAssigning");
			$role->addChild("deleteReceivingAssigning"); 
			$role->addChild("createWarrantyFixing");
			$role->addChild("updateWarrantyFixing");
			$role->addChild("readWarrantyFixing");
			$role->addChild("deleteWarrantyFixing");

			// create the admin role
			$role=$this->_authManager->createRole("admin","Admin");
			$role->addChild("createUser");
			$role->addChild("readUser");
			$role->addChild("deleteUser");
			$role->addChild("updateUser");
			//provide a message indicating success
			echo "Authorization hierarchy successfully generated.";
		} 
    }
}
		